Uber disclosed Tuesday that hackers had stolen 57 million driver and rider accounts and that the company had kept the data breach secret for more than a year after paying a $100,000 ransom.
The deal was arranged by the company’s chief security officer and under the watch of the former chief executive, Travis Kalanick, according to several current and former employees who spoke on the condition of anonymity because the details were private. The security officer, Joe Sullivan, has been fired. Mr. Kalanick was forced out in June, although he remains on Uber’s board. The two hackers stole data about the company’s riders and drivers.
Bitcoin cruised past $8,000 for the first time this week, but it hasn’t been smooth sailing for all after Tether — a company that helps exchanges convert fiat currency to token — said today that a hacker snatched nearly $31 million.
Tether operates USDT, a cryptocurrency asset that it backs via the U.S. dollar. The company said that $30,950,010-worth of USDT was taken from its core treasury wallet “through malicious action by an external attacker.” In response Tether said it has flagged the tokens — meaning that it will track them and prevent the holder from exchanging them through its service — and that it is working to recover them.
Security research firm Rhino Security Labs found a vulnerability in the Amazon Key in-home delivery service's security procedures that could allow either the courier or even a savvy and malicious bystander to enter your home undetected after the delivery is completed.
Amazon has promised to change how Key works to make it easier for you to tell when something unusual is happening, but the changes proposed by Amazon don't necessarily resolve the vulnerability. Amazon Key is available to Amazon customers who have bought Amazon's own Cloud Cam security camera and installed it at their front door.
A consumer group is urging major retailers to withdraw a number of “connected” or “intelligent” toys likely to be popular at Christmas, after finding security failures that it warns could put children’s safety at risk.
Tests carried out by Which? with the German consumer group Stiftung Warentest, and other security research experts, found flaws in Bluetooth and wifi-enabled toys that could enable a stranger to talk to a child. The investigation found that four out of seven of the tested toys could be used to communicate with the children playing with them. Security failures were discovered in the Furby Connect, i-Que Intelligent Robot, Toy-Fi Teddy and CloudPets.
A hacking group previously linked to the Vietnamese government or working on its behalf has broken into the computers of neighboring countries as well as a grouping of Southeast Asian nations, according to cybersecurity company Volexity.
Steven Adair, founder and CEO, said the hacking group was still active, and had compromised the website of the Association of Southeast Asian Nations over several high-profile summit meetings. ASEAN is holding another summit of regional leaders in the Philippines capital Manila this week. In May, cybersecurity company FireEye reported that the group was actively targeting foreign multinationals and dissidents in Vietnam.
A threat actor is mass-scanning the Internet for Ethereum mining equipment running ethOS that is still using the operating system's default SSH credentials. The attacker is using these creds to gain access to the mining rig and replace the owner's Ethereum wallet address with his own.
Replacing this wallet ID sends all subsequent mining revenue to the attacker instead of the equipment's real owner. Scans started on Monday. The attacks started on Monday and were first detected by a honeypot set up by Romanian cyber-security firm Bitdefender. Honeypot logs showed attackers trying two peculiar SSH username and password combos.
Got a robot hoover buzzing around your home? It's time to take a look at its security, especially if it's an LG device. Researchers from Israeli firm Check Point reported a hack of the LG SmartThinQ app that allowed them to remotely take control of the manufacturer's Hom-Bot hoover and use the video feed to spy on anything in the device's vicinity.
And, the researchers said, the attack could also compromise refrigerators, ovens, dishwashers, washing machines, dryers and air conditioners -- any connected thing controlled by the LG app. Users should update to the latest version of the app.
On Tuesday, reports surfaced that a new kind of malware was spreading around Europe. The apparent ransomware, which researchers are calling Bad Rabbit, bubbled up in Russia and Ukraine and appears to also be affecting Turkey and Germany, though its spread isn’t fully known at this time.
Initial targets include Ukraine’s Ministry of Infrastructure and Kiev’s public transportation system. The Russian news service Interfax also issued an official update stating that it had been hacked and that it was working to restore its systems. Russian news group Fontanka.ru was also affected and focuses on the trend of targeted media outlets.
Digital activists linked to the Anonymous collective, a disparate cohort of hackers from around the world, have claimed responsibility for a fresh wave of cyberattacks against a number of Spanish government websites as part of a pro-Catalonia protest campaign.
Multiple accounts with Anonymous' signature Guy Fawkes masks have been tweeting hashtags in recent weeks including #opCatalunya, #FreeCatalonia and #OpSaveCatalonia. They claimed to have taken several state websites offline. The website of Spain's Ministry of Public Works and Transport was hacked to display a "Free Catalonia" slogan.
Google is offering security experts a bounty to identify Android app flaws as the Alphabet Inc unit seeks to wipe out bugs from its Google Play store.
Each flaw will score at least $1,000 under the program announced on Thursday to back up automated checks that have failed to block malware and other problems that security experts say infect the 8-year-old app store far more than Apple Inc’s rival App Store. Google will partner with HackerOne, a bug bounty program management website, to target a list of apps and flaws such as those that allow a hacker to redirect a user to a phishing website or infect a gadget with a virus.